MalwareDisasters is a division of MalwareIntelligence. In the same test information is captured about the behavior of malicious code, and also offering the necessary countermeasures to mitigate the malicious actions in question.

5.04.2010

A new variant of this malware is In-the-Wild. It spreads through pornographic websites. When the user clicks on any of the images that presents the page to view the video course, an alert box warns about the need to install the Flash Player 10 application and offers the download of executable called flash_player.exe course (f26c45393af03e80a40ea06aafb01c63).

Like the case previously presented in this blog, this is a ransomware that displays a window with pornographic content.

As usual in this type of malicious code in order to eliminate the annoying image, requests to send a text message SMS rate (3381) to a specific phone number (84234321)

In addition, constantly opening a website with pornographic content is also hosted at IP address 77.247.179.176

Countermeasures
Delete the following processes:

plugin.exe

watcher.exe

Delete the folder hosted on Media C:\Documents and Settings\All Users\Media